(CNN) Georgia's shotgun-toting, Trump-style Republican candidate for governor Brian Kemp has sought to assure voters that his state's election system is secure and that any allegations to the contrary are "fake news."

But Kemp, who is also the secretary of state in charge of Georgia's elections, is now being accused in a federal lawsuit of failing to secure his state's voting system and allowing a massive breach that exposed voter records and other sensitive election information.

The allegations in the lawsuit come as the subject of election security has come into focus nationally, particularly as the November's midterm elections approach. The suit describes how a private researcher discovered the records of more than 6 million registered Georgia voters, password files and encryption keys could be accessed online by anyone looking. Days after the lawsuit was filed, technicians erased the hard drives of the server in question.

Marilyn Marks, executive director of the Coalition for Good Governance, a plaintiff in the suit, argues Kemp's office long neglected basic security standards and says it remains unclear if the state's election system was infected with malware or breached by foreign hackers, which she says could have consequences for the midterm elections. She said because the data was destroyed, an independent review cannot be conducted.

WASHINGTON — FBI agents in California and Washington, D.C., have investigated a series of cyberattacks over the past year that targeted a Democratic opponent of Rep. Dana Rohrabacher (R-CA). Rohrabacher is a 15-term incumbent who is widely seen as the most pro-Russia and pro-Putin member of Congress and is a staunch supporter of President Trump.

The hacking attempts and the FBI’s involvement are described in dozens of emails and forensic records obtained by Rolling Stone.

The target of these attacks, Dr. Hans Keirstead, a stem-cell scientist and the CEO of a biomedical research company, finished third in California’s nonpartisan “top-two” primary on June 5th, falling 125 votes short of advancing to the general election in one of the narrowest margins of any congressional primary this year. He has since endorsed Harley Rouda, the Democrat who finished in second place and will face Rohrabacher in the November election.

Cybersecurity experts say that it’s nearly impossible to identify who was behind the hacks without the help of law enforcement or high-priced private cybersecurity firms that collect their own threat data. These experts speculate that the hackers could have been one of many actors: a nation-state (such as Russia), organized crime, so-called e-crime or a hacktivist with a specific agenda. The FBI did not respond to requests for comment on its involvement or any findings.

Kyle Quinn-Quesada, who was Keirstead’s campaign manager, tells Rolling Stone that the campaign is now going public about the attacks for the sake of voter awareness. “It is clear from speaking with campaign professionals around the country that the sustained attacks the Keirstead for Congress campaign faced were not unique but have become the new normal for political campaigns in 2018,” Quinn-Quesada says. He added that the Keirstead campaign did not believe the cyberattacks had an effect on the primary election results.

President Trump has reversed an Obama-era memorandum dictating how and when the U.S. government can deploy cyberweapons against its adversaries, in an effort to loosen restrictions on such operations, according to people familiar with the action.

Mr. Trump signed an order on Wednesday reversing the classified rules, known as Presidential Policy Directive 20, that had mapped out an elaborate interagency process that must be followed before U.S. use of cyberattacks, particularly those geared at foreign adversaries.

President Trump has reversed an Obama-era memorandum dictating how and when the U.S. government can deploy cyberweapons against its adversaries, in an effort to loosen restrictions on such operations, according to people familiar with the action.

Mr. Trump signed an order on Wednesday reversing the classified rules, known as Presidential Policy Directive 20, that had mapped out an elaborate interagency process that must be followed before U.S. use of cyberattacks, particularly those geared at foreign adversaries.

Sounds more like another move to get rid of 'Obama relicts' than his understanding of a cyber attack. Of course if the "deep state" would now start a cyber attack dotus would be madly twitting from the trees.

WASHINGTON (Reuters) - The U.S. Federal Bureau of Investigation is investigating a cyber attack on the congressional campaign of a Democratic candidate in California, according to three people close to the campaign.

The hackers successfully infiltrated the election campaign computer of David Min, a Democratic candidate for the House of Representatives who was later defeated in the June primary for California’s 45th Congressional district.

The incident, which has not been previously reported, follows an article in Rolling Stone earlier this week that the FBI has also been investigating a cyber attack against Hans Keirstead, a California Democrat. He was defeated in a primary in the 48th Congressional district, neighboring Min’s.

Paige Hutchinson, Min’s former campaign manager, declined to comment. An FBI spokeswoman said the bureau cannot confirm or deny an investigation.

While both Min and Keirstead later lost to other primary challengers from their own party, the two closely-watched races are considered critical, competitive battlegrounds as the Democrats seek to win back Congress from Republicans in November.

BOSTON (AP) — An expert panel of the National Academy of Sciences called for fundamental reforms to ensure the integrity of the U.S. election system, which is handicapped by antiquated technology and under stress from foreign destabilization efforts.

The cautiously worded report calls for conducting all federal, state and local elections on paper ballots by 2020. Its other top recommendation would require nationwide use of a specific form of routine post-election audit to ensure votes have been accurately counted.

The panel did not offer a price tag for its recommended overhaul. New York University's Brennan Center has estimated that replacing aging voting machines over the next few years could cost well over $1 billion.

"The extraordinary threat from foreign actors has profound implications for the future of voting and obliges us to examine, re-examine seriously, both the conduct of elections in the United States and the role of the federal and state governments in securing our elections," Lee Bollinger, president of Columbia University and co-chair of the panel, said in presenting the report Thursday.

The 156-page report — "Securing the Vote: Protecting American Democracy" — bemoans a rickety system compromised by insecure voting equipment and software whose vulnerabilities were exposed more than a decade ago and which are too often managed by officials with little training in cybersecurity.

Finally, nearly two years after the 2016 vote, members of Congress are getting closer to imposing a more robust deterrence policy. Two bipartisan bills have been introduced, one shepherded by Sen. Lindsey O. Graham (R-S.C.) and Sen. Robert Menendez (D-N.J.), and the aptly named DETER Act, whose leading co-sponsors are Sen. Marco Rubio (R-Fla.) and Sen. Chris Van Hollen (D-Md.). The Senate Banking and Foreign Relations committees held hearings Wednesday and Thursday in which witnesses such as former U.S. ambassador to Russia Michael McFaul and former undersecretary of state Nicholas Burns, both respected experts, endorsed a deterrence approach. “Putin’s a rational person,” Mr. Burns said. “He’ll understand that those are going to be the penalties; we’ve got to make sure that he perceives we’re serious about it.”

One idea is to meet future Kremlin aggression with tough, automatic sanctions. These could target the Russian energy sector, without which the country would not have much of an economy. Individualized sanctions could be aimed at top Putin cronies. Russian sovereign debt could be rendered radioactive in the West. President Trump could be legally required to impose these punishments.

On top of threatening massive automatic sanctions, Congress could give federal prosecutors more authority to go after botnets and cyber wrongdoers. One of the more creative suggestions is imposing new reporting requirement on large, suspicious real estate transactions, which might help crack down on foreign money laundering via cash purchases of expensive U.S. property.

The White House has been drawing up an executive order that might cover some of these bases, and senior administration officials have been working with members of Congress to craft a strategy with enough bite to satisfy lawmakers and enough flexibility to allay concerns in the executive branch about being locked into a long-term sanctions policy that might not be appropriate in future circumstances or one that inadvertently harms European allies. Given Mr. Trump’s past weakness on Mr. Putin, whatever policy that results must present the Kremlin with a sure, credible deterrent. To that end, it would be better if it were written into law rather than just an executive order.

It would also be better if it came sooner rather than later. As it stands, there is little time for deterrence before November’s vote. The message from now through 2020 must be clear and consistent.

How ironic. This...while Trump can't stop bragging about the size and might of our military and pouring massive amounts into making it even more obscene. While the real war against America is taking place right under his nose, with his (at least tacit) assistance.

"I know that human being and fish can coexist peacefully"
--- George W Bush

Sen. James Lankford (R-Okla.) said Tuesday that a bipartisan election security bill won’t be passed by Congress ahead of November’s midterm elections.

Lankford told The Hill that the text of the bill, known as the Secure Elections Act, is still being worked out. And with the House only being in session for a limited number of days before the elections, the chances of an election security bill being passed by then are next to none.

“The House won’t be here after this week so it’s going to be impossible to get passed,” Lankford said of the bill.

The legislation, which aims to protect elections from cyber attacks, was initially set to be addressed by a Senate committee last month. But the mark-up was abruptly postponed by Senate Rules and Administration Committee Chairman Roy Blunt (R-Mo.) over a lack of Republican support and after some secretaries of state shared concerns about the bill, a GOP Senate aide told The Hill at the time.

Defcon Voting Village report: bug in one system could “flip Electoral College”

High-speed tabulator vulnerable to remote attacks, and that's only part of the problem.

Today, six prominent information-security experts who took part in DEF CON's Voting Village in Las Vegas last month issued a report on vulnerabilities they had discovered in voting equipment and related computer systems. One vulnerability they discovered—in a high-speed vote-tabulating system used to count votes for entire counties in 23 states—could allow an attacker to remotely hijack the system over a network and alter the vote count, changing results for large blocks of voters. "Hacking just one of these machines could enable an attacker to flip the Electoral College and determine the outcome of a presidential election," the authors of the report warned.

The machine in question, the ES&S M650, is used for counting both regular and absentee ballots. The device from Election Systems & Software of Omaha, Nebraska, is essentially a networked high-speed scanner like those used for scanning standardized-test sheets, usually run on a network at the county clerk's office. Based on the QNX 4.2 operating system—a real-time operating system developed and marketed by BlackBerry, currently up to version 7.0—the M650 uses Iomega Zip drives to move election data to and from a Windows-based management system. It also stores results on a 128-megabyte SanDisk Flash storage device directly mounted on the system board. The results of tabulation are output as printed reports on an attached pin-feed printer.

The report authors—Matt Blaze of the University of Pennsylvania, Jake Braun of the University of Chicago, David Jefferson of the Verified Voting Foundation, Harri Hursti and Margaret MacAlpine of Nordic Innovation Labs, and DEF CON founder Jeff Moss—documented dozens of other severe vulnerabilities found in voting systems. They found that four major areas of "grave and undeniable" concern need to be addressed urgently. One of the most critical is the lack of any sort of supply-chain security for voting machines—there is no way to test the machines to see if they are trustworthy or if their components have been modified.

A wide majority of Americans are concerned about election security in the United States ahead of next month's midterm elections, according to a new poll.

Almost eight in 10 Americans are at least somewhat concerned about the potential hacking of the nation's voting systems, according to a University of Chicago Harris School of Public Policy and Associated Press-NORC Center for Public Affairs Research survey published Wednesday.

The poll also found that 45 percent of Americans said they are extremely or very concerned about the potential hacking, while only 22 percent said they have little or no concern that the votes will be counted accurately.

Democrats have become increasingly concerned about election security since 2016, when Russian intelligence officers are alleged to have hacked the Democratic National Committee.

According to the survey, 58 percent of Democrats are very concerned about hackers affecting the election, compared to 39 percent of Republicans. Before the 2016 election, Republicans were more concerned about hacking, according to the poll.

The voter information for approximately 35 million US citizens is being peddled on a popular hacking forum, two threat intelligence firms have discovered.

"To our knowledge this represents the first reference on the criminal underground of actors selling or distributing lists of 2018 voter registration data," said researchers from Anomali Labs and Intel471, the two companies who spotted the forum ad.

The two companies said they've reviewed a sample of the database records and determined the data to be valid with a "high degree of confidence."

Researchers say the data contains details such as full name, phone numbers, physical addresses, voting history, and other voting-related information. It is worth noting that some states consider this data public and offer it for download for free, but not all states have this policy.

The supposed data comes from 19 US states. The list and pricing, as advertised by the hacker himself, is as follows below:

WASHINGTON — The Department of Homeland Security says it's working to identify who — or what — is behind an increasing number of attempted cyber attacks on U.S. election databases ahead of next month's midterms.

"We are aware of a growing volume of cyber activity targeting election infrastructure in 2018," the department's Cyber Mission Center said in an intelligence assessment issued last week and obtained by NBC News. "Numerous actors are regularly targeting election infrastructure, likely for different purposes, including to cause disruptive effects, steal sensitive data, and undermine confidence in the election."

The assessment said the federal government does not know who is behind the attacks, but it said all potential intrusions were either prevented or mitigated.

The techniques used by the hackers are available to nation-state and non-state hackers alike, DHS said, including malicious e-mails that appear to be legitimate and denial of service attacks. The attempted hacks have been intensifying since April and were detected as recently as early October. ...

As for attempts by foreign governments to influence the U.S. political environment, the intelligence bulletin said Russia and China remain active, though in different ways. Russia attempts to spread disinformation with hackers posing as Americans, while China is engaged in more conventional propaganda efforts.

“Russia continues to use social media platforms like Facebook and Twitter to sow division and spread propaganda. In particular, the indictment alleges that Russia sought to spread false information about widespread voter fraud in California. Dangerous lies about voter fraud have also been spread by President Trump and conservative commentators. There is no widespread voter fraud in California, or any other state.

“The Republican-controlled Congress blocked extra funding to improve election security in advance of the midterm elections, as well as the bipartisan Secure Elections Act to improve information sharing between the federal government and states.

“We also should have passed legislation months ago to give the Justice Department additional resources to more quickly identify and neutralize foreign agents working in the United States to undermine our elections. Republicans should put our democracy ahead of short-term political interests.”

U.S. Begins First Cyberoperation Against Russia Aimed at Protecting Elections

WASHINGTON — The United States Cyber Command is targeting individual Russian operatives to try to deter them from spreading disinformation to interfere in elections, telling them that American operatives have identified them and are tracking their work, according to officials briefed on the operation.

The campaign, which includes missions undertaken in recent days, is the first known overseas cyberoperation to protect American elections, including the November midterms.

The operations come as the Justice Department outlined on Friday a campaign of “information warfare” by Russians aimed at influencing the midterm elections, highlighting the broad threat the American government sees from Moscow’s influence campaign. ...

Cyber Command was founded in 2009 to defend military networks but has also developed offensive capabilities. The command shares a headquarters and leadership with the National Security Agency, which collects electronic and signals intelligence. A joint Cyber Command-N.S.A. team has been working on the effort to identify and deter foreign influence campaigns. ...

Some American officials have said they were frustrated by what they viewed as President Trump’s timidity at taking on the Russians involved in election meddling. Mr. Trump has frequently wavered about whether he believes the Russians interfered in the 2016 elections to help his bid for the presidency.

Russia Is Meddling In The Midterms. The White House Just Isn't Talking About It.

The Department of Homeland Security recently gathered its top election officials and representatives from other federal agencies and states in Arlington, Virginia, to spend several hours walking reporters through election-day disaster scenarios and how the government would respond. The session focused on two scenarios: an adversary tinkering with some element of the US voting apparatus and a concentrated disinformation campaign intended to trick US voters.

“We haven’t seen any compromises, or any sort of access to election equipment, across the United States, at this point,” Chris Krebs, a DHS official, assured reporters after the walkthrough, in the only on-the-record portion of the meeting, the first ever of its kind. ...

But that’s less reassuring than it sounds. A few hours after Krebs made his comment, the Department of Justice dropped a bombshell indictment that it had been working on for months: Russia’s Internet Research Agency, the “troll factory” propaganda farm that special counsel Robert Mueller charged with a litany of crimes related to trying to influence the 2016 election, was still at it in 2018. The Justice Department alleged that Elena Khusyaynova, an IRA accountant, had engaged in a conspiracy to defraud the US by helping to craft an army of fictitious social media personalities designed to inflame American political tensions.

If that indictment seemed to come out of nowhere, that’s in part because the US government had said nearly nothing about Russian meddling for months — even though there were plenty of signs Russia was still engaged, as it had been for years, in stirring up online trouble through fake personas. ...

“The intelligence community, by its very nature, is not always able to go public with what steps they are taking to protect the integrity of our elections. That's where presidential leadership comes in — and unfortunately, we still have a president who remains reluctant to acknowledge the severity of this threat, and refuses to step up to fight it,” Mark Warner, the ranking Democrat on the Senate Intelligence Committee, told BuzzFeed News.

Trump’s reluctance is born no doubt from the finding of the US intelligence community that Russia favored Trump over Democrat Hillary Clinton in 2016 — a reluctance that remains despite the fact Trump’s own intelligence officials and the Republican head of the Senate Intelligence Committee have reiterated that conclusion. In August, the White House ordered Senate Republicans to kill a bipartisan election security bill, saying it wasn’t necessary — out of fear perhaps that it would remind people of those uncomfortable conclusions about the 2016 election.

How Voting-Machine Errors Reflect a Wider Crisis for American Democracy

When reports began circulating last week that voting machines in Texas were flipping ballots cast for Beto O’Rourke over to Ted Cruz, and machines in Georgia were changing votes for the Democratic gubernatorial candidate Stacey Abrams to those for her Republican opponent, Brian Kemp, it would not have been unreasonable to suppose that those machines had been hacked. After all, their vulnerabilities have been known for nearly two decades. In September, J. Alex Halderman, a computer-science professor at the University of Michigan, demonstrated to members of Congress precisely how easy it is to surreptitiously manipulate the AccuVote TS, a variant of the direct-recording electronic (D.R.E.) voting machines used in Georgia. In addition, Halderman noted, it is impossible to verify that the votes cast were not the votes intended, since the AccuVote does not provide a physical record of the transaction.

Election-security experts, meanwhile, used the opportunity to remind the public—yet again—how susceptible touch-screen voting machines are to error, especially because they often rely on outdated and unsupported software. As the Brennan Center for Justice cautioned back in 2008, typically machines flip votes because they aren’t properly calibrated. This can happen, and does happen, to candidates from any party. But none of that was what we were hearing from election officials themselves. “The machines do not have glitches,” Stan Stanart, the county clerk in Harris County, Texas, which uses a system called the Hart InterCivic eSlate, told a local television station. He blamed mistakes on the voters themselves.

The irony here is that these particular vote-flipping machines were deployed across the country in response to the monumental failure of punch-card voting machines during the 2000 Presidential election, when so-called hanging chads very likely resulted in the wrong man winning. The crisis that ensued inspired a bipartisan Congress, in 2002, to pass the Help America Vote Act (HAVA). Among other things, HAVA created the Election Assistance Commission, which it then deputized to test and certify voting machines. The act also allocated millions of dollars for election-infrastructure upgrades, much of which was used to replace traditional voting machines with computerized machines like eSlate and the AccuVoteTS. Georgia, in fact, was the first state to adopt D.R.E. touch screens statewide.

Those machines are still in service, despite their well-documented problems. A lawsuit to compel Georgia to use paper ballots in the November midterms fell short in September, when Judge Amy Totenberg, of the U.S. District Court for the Northern District of Georgia, ruled that there was not enough time to get a paper-ballot system up and running. But she also wrote that the plaintiffs had shown that Georgia’s voting machines posed “a concrete risk of alteration of ballot counts that would impact their own votes.” Totenberg added that “given the absence of an independent paper audit trail of the vote, the scope of this threat is difficult to quantify, though even a minor alteration of votes in close electoral races can make a material difference in the outcome.”

Twitter removes thousands of accounts that tried to dissuade Democrats from voting

Twitter has deleted thousands of automated accounts posting messages that tried to discourage and dissuade voters from casting their ballot in the upcoming election next week.

Some 10,000 accounts were removed across late September and early October after they were first flagged by staff at the Democratic Party, the company has confirmed.

“We removed a series of accounts for engaging in attempts to share disinformation in an automated fashion – a violation of our policies,” said a Twitter spokesperson in an email to TechCrunch. “We stopped this quickly and at its source.” But the company did not provide examples of the kinds of accounts it removed, or say who or what might have been behind the activity.

The accounts posed as Democrats and try to convince key demographics to stay at home and not vote, likely as an attempt to sway the results in key election battlegrounds, according to Reuters, which first reported the news.

Adding:

NBC News: In secret chats, trolls struggle to get Twitter disinformation campaigns off the ground

The messages highlight the arms race between trolls and social media companies that are developing systems to stop them.

Hackers have ramped up their efforts to meddle with the country’s election infrastructure in the weeks leading up to Tuesday’s midterms, sparking a raft of investigations into election interference, internal intelligence documents show.

The hackers have targeted voter registration databases, election officials, and networks across the country, from counties in the Southwest to a city government in the Midwest, according to Department of Homeland Security election threat reports reviewed by the Globe. The agency says publicly all the recent attempts have been prevented or mitigated, but internal documents show hackers have had “limited success.”

The recent incidents, ranging from injections of malicious computer code to a massive number of bogus requests for voter registration forms, have not been publicly disclosed until now.

Federal agencies have logged more than 160 reports of suspected meddling in US elections since Aug. 1, documents show. The pace of suspicious activity has picked up in recent weeks — up to 10 incidents each day — and officials are on high alert. ...

Last Thursday night, West Virginia Senator Joe Manchin’s social media accounts were hacked just hours before a campaign debate. His office did not say who was behind the hack, but noted it was working with federal law enforcement. On Friday, Twitter announced it had taken down more than 10,000 automated accounts that were posting messages that discouraged voting, Reuters reported.

Adding:

CBC: Russia embraces new tactics in effort to influence U.S. midterm elections

'Fake news' has become less effective as Americans become more aware of the problem, expert says